

Windows Secure Boot broken after Microsoft leaks golden key

Microsoft accidentally released the golden key for Windows Secure Boot, causing a serious security issue for the company even though only its less popular devices are at risk.

Although experts said the security risk may be limited, Microsoft will likely face a hit to its reputation after accidentally releasing the golden keys for Windows Secure Boot.

The issue was discovered by two researchers, my123 and slipstream, who noted in a blog post the only devices affected were those on which Windows Secure Boot was enabled and users could not disable it, including Windows RT, HoloLens and Windows Phone.

Amol Sarwate, director of vulnerability labs at Qualys Inc., said because of this, and the fact that physical access to the target device was needed, the risk to enterprise is limited.

"Technically speaking one could have a Windows PC or server with Secure Boot, but there is no big impact as typically these machines are unlocked, i.e., you can boot your computer into its firmware settings and switch off Secure Boot or delete keys from its database," Sarwate told SearchSecurity via email. "The impact is on Windows RT tablets and phones where disabling Secure Boot is not otherwise possible without the leaked policy (i.e., golden key) signed by Microsoft."

Windows Secure Boot is designed to ensure only an operating system signed by Microsoft itself can be run on a device by matching a Device ID and verifying the signature. However, my123 and slipstream found that Microsoft added a new "supplemental" secure boot policy in the Windows 10 Anniversary Update which does not perform those checks because it was intended for use by developers and not meant to be released in the retail version of the software.

"The 'supplemental' policy does not contain a Device ID. And, because they were meant to be merged into a base policy, they don't contain any BCD rules either, which means that if they are loaded, you can enable testsigning," the researchers wrote. "Not just for Windows (to load unsigned driver, i.e., rootkit), but for the {bootmgr} element as well, which allows bootmgr to run what is effectively an unsigned .efi. You can see how this is very bad. A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere."

Even worse, Microsoft may not be able to fix the issue. My123 and slipstream noted that Microsoft has already attempted a patch to blacklist the policies, but they said this is insufficient because "an attacker can just replace a later bootmgr with an earlier one" and "it'd be impossible in practice for MS to revoke every bootmgr earlier than a certain point, as they'd break install media, recovery partitions, backups, etc."

Garve Hays, solutions architect at Micro Focus, said at best Microsoft could only partially fix the issue.

"Microsoft has already issued two patches and has announced a third. This mitigates the issue for most cases. Nonetheless, it is still possible to circumvent the updates. Furthermore, if a device owner refuses to accept the update, then he or she will maintain the ability to load another operating system or introduce creative policies of their own," Hays told SearchSecurity. "As long as older boot managers remain valid, they can be used to replace the newer ones with tighter restrictions. As such, Microsoft faces a difficult choice: They may mark older boot managers as untrusted, but in doing so, they close the door to backward compatibility. A decision that history shows us they have been unwilling to make in the past."

Next Steps

Learn more about pre-boot protection on Windows tablets.

Find out how to use Windows ELAM to secure the boot process and detect rootkits.

Get info on protecting Windows startup from a compressed Boot Manager file.
